A method and system of securing the firmware of a router. Upon determining that a received digital message does not have integrity or the digital signature of the received digital message is not correct, the digital message is ignored or discarded. Otherwise the digital message is decrypted and a new firmware extracted therefrom. The existing firmware is then flashed with the new extracted firmware.
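The verify-then-decrypt gate described above, as an added sketch that is not code from the patent. The container layout, the `FWUP` magic, HMAC-SHA256 standing in for the digital signature, and the toy keystream standing in for the symmetric cipher are all assumptions made for illustration.

```python
import hashlib, hmac, struct, zlib

MAGIC = b"FWUP"                     # hypothetical container magic
HEADER = struct.Struct(">4sII32s")  # magic, length, CRC32, SHA-256 of ciphertext
TAG_LEN = 32                        # HMAC-SHA256 tag, standing in for the signature

def _keystream_xor(key, data):
    # Toy SHA-256 counter keystream standing in for the symmetric cipher.
    # Illustration only; a real device would use a vetted AEAD or block-cipher mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + struct.pack(">I", i // 32)).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def build_message(firmware, enc_key, sign_key):
    # Server side: encrypt, add integrity fields, then sign header + ciphertext.
    ct = _keystream_xor(enc_key, firmware)
    header = HEADER.pack(MAGIC, len(ct), zlib.crc32(ct), hashlib.sha256(ct).digest())
    return header + ct + hmac.new(sign_key, header + ct, hashlib.sha256).digest()

def has_integrity(msg):
    # Format, CRC and message-digest checks; none of these needs a key.
    if len(msg) < HEADER.size + TAG_LEN:
        return False
    magic, length, crc, digest = HEADER.unpack_from(msg)
    ct = msg[HEADER.size:-TAG_LEN]
    return (magic == MAGIC and length == len(ct) and zlib.crc32(ct) == crc
            and hmac.compare_digest(hashlib.sha256(ct).digest(), digest))

def signature_ok(msg, sign_key):
    expected = hmac.new(sign_key, msg[:-TAG_LEN], hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg[-TAG_LEN:])

def process_message(msg, enc_key, sign_key):
    # Router side: discard (return None) unless both checks pass, then decrypt.
    if not has_integrity(msg) or not signature_ok(msg, sign_key):
        return None
    return _keystream_xor(enc_key, msg[HEADER.size:-TAG_LEN])

# Constructed sample keys and firmware image
ENC_KEY, SIGN_KEY = b"constructed-enc-key", b"constructed-sign-key"
FIRMWARE = b"constructed firmware image " * 8
MESSAGE = build_message(FIRMWARE, ENC_KEY, SIGN_KEY)
```

Because the CRC and digest need no key, a message whose ciphertext was altered can carry recomputed values for both; only the keyed signature check rejects it.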
Legal claims defining the scope of protection, as filed with the USPTO.
1. A router comprising: one or more processors; memory coupled to the one or more processors, the memory including a program that is executable by the one or more processors to: receive a provisioning digital message from a firmware server, the provisioning digital message including a digital certificate and an initial encrypted firmware that, when unencrypted and installed on the router, prevents unauthorized access to an existing firmware of the router; receive a decryption key operative to decrypt the provisioning digital message; decrypt, using the decryption key, the initial encrypted firmware to create an unencrypted firmware; and install the unencrypted firmware.
2. The router of claim 1, wherein the initial encrypted firmware has a symmetric key encryption format.
3. The router of claim 1, wherein the program is further executable by the one or more processors to: receive a digital message that includes a new firmware; determine whether the digital message has integrity, based at least in part on a format of the new firmware; determine whether a digital signature of the digital message is correct; and in response in determining that the digital message has integrity and the digital signature is correct, decrypt the digital message.
4. The router of claim 3, wherein the program is further executable by the one or more processors to: extract the new firmware; and install the new firmware in place of the existing firmware of the router.
5. The router of claim 1, wherein the program is further executable by the one or more processors to: receive a digital message; determine whether the digital message has integrity; and in response to a determination that the digital message does not have integrity, discard the digital message.
6. The router of claim 1, wherein the program is further executable by the one or more processors to: receive a digital message; determine whether a digital signature of the digital message is correct; and in response to a determination that the digital signature is not correct, discard the digital message.
7. The router of claim 1, further comprising: at least one network interface coupled to the one or more processors and further configured to enable communications via one or more communication networks; and a cellular broadband driver, and wherein the program is further executable by the one or more processors to: receive, a digital message via the cellular broadband driver.
8. The router of claim 1, further comprising: receiving a digital message; a security application stored in the memory, the security application further executable by the one or more processors to: determine that the digital message has integrity by performing at least one of a cyclic redundancy check (CRC) or a message digest check; or determine that a digital signature of the digital message is correct.
9. A computer-implemented method, comprising: under control of one or more processors: receiving, at a router, a provisioning digital message from a firmware server, the provisioning digital message including a digital certificate and an initial encrypted firmware that, when unencrypted and installed on the router, prevents unauthorized access to an existing firmware of the router; receiving, at the router, a decryption key operative to decrypt the provisioning digital message; decrypting, using the decryption key, the initial encrypted firmware to create an unencrypted firmware; and installing, at the router, the unencrypted firmware.
10. The computer-implemented method of claim 9, further comprising: receiving, at the router, a digital message; transmitting, via the router, the digital message to a remote authentication server; and receiving, from the remote authentication server at the router, a confirmation that the digital message has integrity and a digital signature of the digital message is correct; and decrypting, using the decryption key, the digital message, based at least in part on the digital message having integrity and the digital signature being correct.
11. The computer-implemented method of claim 9, further comprising: receiving, at the router, a digital message; determining whether the digital message has integrity; determining whether a digital signature of the digital message is correct; and in response to a determination that the digital message has integrity and the digital signature is correct, decrypting, using the decryption key, the digital message.
12. The computer-implemented method of claim 9, further comprising: receiving, at the router, a digital message; determining whether the digital message has integrity; and in response to a determination that the digital message does not have integrity, discarding the digital message.
13. The computer-implemented method of claim 9, further comprising: receiving, at the router, a digital message; determining whether a digital signature of the digital message is correct; and in response to a determination that the digital signature is not correct, discarding the digital message.
14. A non-transitory computer-readable medium storing computer-executable instructions that, when executed on one or more processors, cause the one or more processors to perform acts comprising: receiving, at a router, a digital message; transmitting, via the router, the digital message to a remote authentication server; receiving, from the remote authentication server at the router, a confirmation that the digital message has integrity and a digital signature of the digital message is correct; and decrypting the digital message, based at least in part on the digital message having integrity and the digital signature being correct.
15. The non-transitory computer-readable medium of claim 14, wherein the digital message includes a new firmware, and further storing computer-executable instructions that, when executed cause the one or more processors to perform acts comprising: in response to decrypting the digital message, extracting the new firmware from the digital message; and installing, on the router, the new firmware in place of an existing firmware.
16. The non-transitory computer-readable medium of claim 14, further storing computer-executable instructions that, when executed cause the one or more processors to perform acts comprising: receiving, at the router a provisioning digital message from a firmware server, the provisioning digital message including a digital certificate and an initial encrypted firmware that, when unencrypted and installed on the router, prevent unauthorized access to an existing firmware of the router; decrypting the initial encrypted firmware to create an unencrypted firmware; and installing, on the router, the unencrypted firmware.
17. The non-transitory computer-readable medium of claim 16, further storing computer-executable instructions that, when executed cause the one or more processors to perform acts comprising: receiving, at the router, a decryption key operative to decrypt the provisioning digital message, and wherein, decrypting the initial encrypted firmware to create an unencrypted firmware is based at least in part on the decryption key.
18. The non-transitory computer-readable medium of claim 14, wherein the confirmation is a first confirmation, the digital message is a first digital message, and the digital signature is a first digital signature, and further storing computer-executable instructions that, when executed cause the one or more processors to perform acts comprising: receiving, at the router, a second digital message; receiving, from the remote authentication server, a second confirmation that at least one of the second digital message does not have integrity or a second digital signature of the second digital message is not correct; and discarding the second digital message.
19. The non-transitory computer-readable medium of claim 14, wherein the confirmation that the digital message does have integrity is based at least in part on one of a cyclic redundancy check of a message digest check.
20. The non-transitory computer-readable medium of claim 14, wherein the confirmation that the digital message does not have integrity is based at least in part on the digital message being in a format of a firmware update.
December 30, 2017
July 7, 2020